From nobody@FreeBSD.ORG  Mon Oct 23 09:23:59 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id A4C3437B479; Mon, 23 Oct 2000 09:23:59 -0700 (PDT)
Message-Id: <20001023162359.A4C3437B479@hub.freebsd.org>
Date: Mon, 23 Oct 2000 09:23:59 -0700 (PDT)
From: daveg@chiaro.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: Uninitialized field in radix_node structure
X-Send-Pr-Version: www-1.0

>Number:         22244
>Category:       kern
>Synopsis:       [MFC] Uninitialized field in radix_node structure
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    wollman
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 23 09:30:00 PDT 2000
>Closed-Date:    Mon Mar 5 17:14:02 PST 2001
>Last-Modified:  Mon Mar 05 17:14:36 PST 2001
>Originator:     Dave Gillam
>Release:        4.0
>Organization:
Chiaro Networks
>Environment:
FreeBSD bsd3.chiaro.com 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Tue Sep  5 10:38:30 
CDT 2000     daveg@bsd3.chiaro.com:/usr/src/sys/compile/bsd3  i386


>Description:
The rn_mklist field of the radix_node structure is not always set to 
NULL when a radix_node is inserted into the radix tree.  This can 
cause the code to incorrectly traverse a rn_mklist list and also
causes rn_delete() to emit log messages.
>How-To-Repeat:
Continually add and remove radix_nodes from a radix tree.
>Fix:
Zero out the rn_mklist field in the function rn_newpair().

*** radix.c     2000/05/25 17:14:47     1.2
--- radix.c     2000/10/16 17:29:25     1.3
***************
*** 340,345 ****
--- 340,346 ----
        t->rn_l = tt; t->rn_off = b >> 3;
        tt->rn_b = -1; tt->rn_key = (caddr_t)v; tt->rn_p = t;
        tt->rn_flags = t->rn_flags = RNF_ACTIVE;
+       t->rn_mklist = tt->rn_mklist = 0;       /* zero mask list */
  #ifdef RN_DEBUG
        tt->rn_info = rn_nodenum++; t->rn_info = rn_nodenum++;
        tt->rn_twin = t; tt->rn_ybro = rn_clist; rn_clist = tt;
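
Review bot: the added line at 343 fixes rn_mklist only, and the surrounding context still initializes the pair field by field (rn_l, rn_off, rn_b, rn_key, rn_p, rn_flags), so any other member of t or tt that is not assigned here keeps whatever the storage held before, which is the same class of bug the PR describes. Consider clearing both nodes once at the top of rn_newpair() before the individual assignments, or stating in a comment that callers must pass zeroed storage. Since rn_mklist is a pointer, NULL would read more clearly than 0, and the comment "zero mask list" could instead say why the reset is needed (node storage can be reused after a delete, leaving a stale list pointer that rn_delete() then walks).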


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->suspended 
State-Changed-By: wollman 
State-Changed-When: Fri Oct 27 13:50:21 PDT 2000 
State-Changed-Why:  
Awaiting MFC (probably not in time for 4.2). 


Responsible-Changed-From-To: freebsd-bugs->wollman 
Responsible-Changed-By: wollman 
Responsible-Changed-When: Fri Oct 27 13:50:21 PDT 2000 
Responsible-Changed-Why:  
I did the integration. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22244 
State-Changed-From-To: suspended->closed 
State-Changed-By: wollman 
State-Changed-When: Mon Mar 5 17:14:02 PST 2001 
State-Changed-Why:  
obrien MFC'd the fix. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22244 
>Unformatted:
